From 4161e147969a3445ffd84dcd10b99baaee523bce Mon Sep 17 00:00:00 2001
From: canyonknight <canyonknight@gmail.com>
Date: Tue, 6 Nov 2012 17:13:45 -0500
Subject: pkg_details.php: Fix potential XSS for package names and dep
 conditions

Package names and dep conditions can be specially crafted for an XSS
attack. Properly sanitize these variables on the package details page.

In addition, avoid including dep conditions as part of a package link.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/template/pkg_details.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'web/template/pkg_details.php')

diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index cdf2764..b5d8a9f 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@@ -190,9 +190,9 @@ if ($row["MaintainerUID"]):
 		# darr: (DepName, DepCondition, PackageID), where ID is NULL if it didn't exist
 		if (!is_null($darr[2])):
 ?>
-				<li><a href="<?= htmlspecialchars(get_pkg_uri($darr[0]), ENT_QUOTES); ?>" title="<?= __('View packages details for').' '.$darr[0].$darr[1]?>"><?= $darr[0].$darr[1]?></a></li>
+				<li><a href="<?= htmlspecialchars(get_pkg_uri($darr[0]), ENT_QUOTES); ?>" title="<?= __('View packages details for').' '. htmlspecialchars($darr[0]) ?>"><?= htmlspecialchars($darr[0]) ?></a><?= htmlspecialchars($darr[1]) ?></li>
 		<?php else: ?>
-				<li><a href="https://www.archlinux.org/packages/?q=<?= urlencode($darr[0])?>" title="<?= __('View packages details for').' '.$darr[0].$darr[1] ?>"><?= $darr[0].$darr[1] ?></a></li>
+				<li><a href="https://www.archlinux.org/packages/?q=<?= urlencode($darr[0])?>" title="<?= __('View packages details for').' ' . htmlspecialchars($darr[0]) ?>"><?= htmlspecialchars($darr[0]) ?></a><?= htmlspecialchars($darr[1]) ?></li>
 		<?php endif; ?>
 	<?php endwhile; ?>
 			</ul>
@@ -206,7 +206,7 @@ if ($row["MaintainerUID"]):
 	# darr: (PackageName, PackageID)
 	while (list($k, $darr) = each($requiredby)):
 ?>
-				<li><a href="<?= htmlspecialchars(get_pkg_uri($darr[0]), ENT_QUOTES); ?>" title="<?= __('View packages details for').' '.$darr[0]?>"><?= $darr[0] ?></a></li>
+				<li><a href="<?= htmlspecialchars(get_pkg_uri($darr[0]), ENT_QUOTES); ?>" title="<?= __('View packages details for').' ' . htmlspecialchars($darr[0]) ?>"><?= htmlspecialchars($darr[0]) ?></a></li>
 	<?php endwhile; ?>
 			</ul>
 <?php endif; ?>
-- 
cgit v1.2.3-54-g00ecf